Multiple vulnerabilities in Hitachi Energy SDM600



Published: 2022-04-27 | Updated: 2022-06-03
Risk: Medium
Patch available: Yes
Number of vulnerabilities: 7
CVE-ID: CVE-2020-1968, CVE-2020-12243, CVE-2020-25709, CVE-2020-25710, CVE-2020-36229, CVE-2020-36230, CVE-2021-23840
CWE-ID: CWE-200, CWE-399, CWE-617, CWE-843, CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: SDM600 (Server applications / SCADA systems)

Vendor: Hitachi ABB Power Grids

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Raccoon attack

EUVDB-ID: #VU46573

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-1968

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a timing flaw in the TLS specification. A remote attacker can compute the pre-master secret of connections that used a Diffie-Hellman (DH) based ciphersuite and eavesdrop on all encrypted communications sent over that TLS connection.

Note: The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SDM600: before 1.2 FP2 HF10


CPE2.3
External links

http://ics-cert.us-cert.gov/advisories/icsa-22-116-01

Q & A

Can this vulnerability be exploited remotely?

How can an attacker exploit this vulnerability?

Is there known malware that exploits this vulnerability?

2) Resource management error

EUVDB-ID: #VU27445

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-12243

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error when performing searches with nested boolean expressions in filter.c within the slapd daemon in OpenLDAP. A remote attacker can send a specially crafted LDAP request to the affected server and crash the LDAP service.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SDM600: before 1.2 FP2 HF10


CPE2.3
External links

http://ics-cert.us-cert.gov/advisories/icsa-22-116-01

Q & A

Can this vulnerability be exploited remotely?

How can an attacker exploit this vulnerability?

Is there known malware that exploits this vulnerability?

3) Reachable Assertion

EUVDB-ID: #VU48516

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25709

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the certificateListValidate() function in schema_init.c. A remote attacker can send a specially crafted packet to the slapd daemon, trigger an assertion failure and crash the service.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SDM600: before 1.2 FP2 HF10


CPE2.3
External links

http://ics-cert.us-cert.gov/advisories/icsa-22-116-01

Q & A

Can this vulnerability be exploited remotely?

How can an attacker exploit this vulnerability?

Is there known malware that exploits this vulnerability?

4) Reachable Assertion

EUVDB-ID: #VU48515

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25710

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing LDAP requests in slapd within the csnNormalize23() function in schema_init.c. A remote attacker can send a specially crafted packet to the server, trigger an assertion failure and crash the daemon.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SDM600: before 1.2 FP2 HF10


CPE2.3
External links

http://ics-cert.us-cert.gov/advisories/icsa-22-116-01

Q & A

Can this vulnerability be exploited remotely?

How can an attacker exploit this vulnerability?

Is there known malware that exploits this vulnerability?

5) Type Confusion

EUVDB-ID: #VU50396

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-36229

CWE-ID: CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error in ldap_X509dn2bv() when parsing an X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SDM600: before 1.2 FP2 HF10


CPE2.3
External links

http://ics-cert.us-cert.gov/advisories/icsa-22-116-01

Q & A

Can this vulnerability be exploited remotely?

How can an attacker exploit this vulnerability?

Is there known malware that exploits this vulnerability?

6) Reachable Assertion

EUVDB-ID: #VU50397

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-36230

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when parsing an X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd, trigger the assertion failure and crash the daemon.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SDM600: before 1.2 FP2 HF10


CPE2.3
External links

http://ics-cert.us-cert.gov/advisories/icsa-22-116-01

Q & A

Can this vulnerability be exploited remotely?

How can an attacker exploit this vulnerability?

Is there known malware that exploits this vulnerability?

7) Input validation error

EUVDB-ID: #VU50745

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-23840

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate() functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

SDM600: before 1.2 FP2 HF10


CPE2.3
External links

http://ics-cert.us-cert.gov/advisories/icsa-22-116-01

Q & A

Can this vulnerability be exploited remotely?

How can an attacker exploit this vulnerability?

Is there known malware that exploits this vulnerability?
